From the Boing Boing Shop

Follow Us

Here's a video of Ang Cui and Michael Costello's Hacking Cisco Phones talk at the 29th Chaos Communications Congress in BerlinHamburg. Cui gave a show-stealing talk last year on hacking HP printers, showing that he could turn your printer into a inside-the-firewall spy that systematically breaks vulnerable machines on your network, just by getting you to print out a document.

Cui's HP talk showed how HP had relied upon the idea that no one would ever want to hack a printer as its primary security. With Cisco, he's looking at a device that was designed with security in mind. The means by which he broke the phone's security is much more clever, and makes a fascinating case-study into the cat-and-mouse of system security.

Even more interesting is the discussion of what happened when Cui disclosed to Cisco, and how Cisco flubbed the patch they released to keep his exploit from working, and the social issues around convincing people that phones matter.

We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native Unix), the operating system that powers all Cisco TNP IP phones. We demonstrate the reliable exploitation of all Cisco TNP phones via multiple vulnerabilities found in the CNU kernel. We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels. We also demonstrate the worm-like propagation of our CNU malware, which can quickly compromise all vulnerable Cisco phones on the network. We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet. Lastly, we built on last year's presentation by discussing the feasibility of exploiting Cisco phones from compromised HP printers and vice versa.

We present the hardware and software reverse-engineering process which led to the discovery of the vulnerabilities described below. We also present methods of exploiting the following vulnerabilities remotely.

Got a 3D printer? Britt Michelsen Deadpool Knife Block Instructable will show you how to modify a 3D mesh of Deadpool, print it, paint it, and make the greatest kitchen-counter accouterments you could possibly want. (via Geekologie)

Science fiction writer/lawyer Casey Fiesler is a maven in the field of tech ethics education (she maintains the amazing spreadsheet of tech-ethics syllabi); she uses science fiction stories as a jumping-off point for her own classroom discussions of ethics in technology.

Ever wondered what it takes to make the transition from amateur photography to a full career? If you answered “a better camera,” you’re half right. Before you get the equipment, get the know-how to use it with the Hollywood Art Institute Photography Course & Certification. Taught by experienced pros, this course is geared towards shutterbugs […]

Anyone can learn piano, but don’t tell that to the bored kids who had to endure hours of “Chopsticks” and similar drills in their music lessons. Today, there’s a better way. Pianoforall lets you jump right in to discover what makes music fun, leaving you eager to learn more. In a simple but innovative approach, […]